How to setup IP V6 auto-configuration

networking linux debian ipv6

Solution 1:

I would like to use the second address for my docker containers so my thinking is that I have to configure that address in /etc/docker/daemon.json

Docker's configuration doesn't take an address – it takes a network prefix (in other words, a whole subnet). It needs an unique address for each container, not just for Docker as a whole.

And as long as Docker manages its own isolated network, it should have a dedicated prefix – in both IPv4 and IPv6 it is not straightforward to make two interfaces use the same subnet prefix (i.e. route addresses that are supposed to directly belong to your subnet).

Whether you want to "share" an IPv4 /24 or an IPv6 /64, the problem is that your router and everyone else in the subnet will expect to make ARP (NDP) queries and receive replies – but that won't happen if the address is deassigned from eth0 and routed somewhere further.

To actually make such a "shared" prefix work, you would need to:

  • directly attach the containers to eth0 (e.g. using macvlan bridge mode in Docker), or
  • run Proxy-NDP on the host (e.g. ndppd), so that your host would give out NDP responses on behalf of the addresses that it routes, or
  • drop the idea, and configure a whole separate /64 for docker0.

Can I configure my system to assign only one IPv6 address to eth0 so that the other one stays available for docker?

This doesn't make any sense to begin with. Don't think of it as "having to keep the other address available". The entire /64 is available, and if you need an address you can literally just take a third address from the same /64.

(You'll need to do this anyway, because each of your Docker containers needs an unique address.)

In IPv6 stateless autoconfiguration, the host only receives the network prefix – there is no quota for addresses per host, indeed one of the two addresses you're currently seeing is most likely flagged 'temporary' and gets replaced with a brand new one every few hours. There is also no specific protocol for claiming/leasing an address, which is why it's named "stateless" autoconfiguration.

Also in stateless mode the IPV6 address is a combination of the Prefix and my MAC address. Do I specify the full IP in static mode or can the MAC part be auto-configured ?

You specify the full IP address; however, you can choose any suffix you want. It is not required to be based on your MAC address, it just has to be unique and within the subnet prefix.

Other hosts will always use NDP (ARP for IPv6) to discover your layer-2 address, there is no special treatment for "MAC-based" IPv6 addresses in that regard.

(Well, unless the network operator really insists on it – but then your eth0 wouldn't work with these two IPv6 addresses anyway, as only one of them is MAC-based – the other one is generated randomly.)

Various operating systems have completely stopped using MAC-based addresses even for stateless autoconfiguration, replacing them with meaningless hash-based addresses (e.g. according to RFC 7217).

Related

Drive recovery: zipped image is much smaller than original drive
Where is the google-chrome instance?
Node.js on Alpine Linux inside Docker: update to latest minor version
Extracting image from PDF with /CCITTFaxDecode filter
Convert unicode codepoint to string character in Ruby
ASP.NET MVC Model Binder for Generic Type
c# gridview row click
How to display a pdf in a modal window? [closed]
How to force WPF to use resource URIs that use assembly strong name? Argh!
Share data between components using a service in Angular2
Detect in-app browser (WebView) with PHP / Javascript
How to blur imageview in android